CFIUS Advisory Services
CFIUS, The Committee on Foreign Investment in the United States (“Committee”), is a multi-agency government body—formed in 1975 and chaired by the U.S. Secretary of the Treasury—charged with reviewing certain business acquisition transactions that involve a foreign entity. The Committee’s review is to determine a transaction’s potential impact on the national security of the United States.
The Foreign Investment Risk Review Modernization Act of 2018 (“FIRRMA”) strengthened, modernized and expanded CFIUS’ reach to include both controlling and non-controlling investment by potentially harmful foreign entities in U.S. critical Technologies, critical Infrastructure, and sensitive personal Data of U.S. citizens (referred to as TID).
On February 13, 2020, final regulations were released addressing the following: (1) covered real estate transactions and (2) all other covered transactions. Voluntary filings should be considered for all required transactions identified as CFIUS does have the authority to review transactions after they have been completed and potentially could determine that they impact national security and require an unwinding of deals. If a voluntary filing is made and CFIUS has no concerns, the parties to the transaction can receive a “safe harbor” letter from CFIUS which would prevent the transaction from subsequently being blocked by CFIUS.
It is incumbent on U.S. companies involved with a foreign acquirer or investor to understand their CFIUS reporting obligations with respect to potential national security threats:
- Recognize potential threats posed by a foreign acquirer or host nation.
- Identify sensitive assets including real estate, data, operations, contracts, technology or other information.
- Develop and implement processes to assess, resolve, mitigate, monitor, and audit risks.
How EisnerAmper Can Help
We provide independent, third-party audit, readiness assessment, and monitoring with respect to your CFIUS obligations. Our proactive services are designed to be clearly auditable and measurable; and to effectively address potential risk points.
Our CFIUS services focus on three key areas:
Pre-Filing Transaction Risk Assessment
This includes assessments of a company’s operations, subsidiaries, supply chain, corporate security policies and procedures, and information technology. It also includes those controls over customer data, critical technology, financial systems, vendor management program, and internal IT architecture. The risk assessment will also consider the buyer’s interests, structure, business lines and any known government relationships. Buyers may want to consider a risk assessment of themselves before contemplating an acquisition in order to determine the effort and cost that may be necessary to satisfy U.S. regulations.
This phase entails developing or revising policies and procedures surrounding each National Security Agreement article of CFIUS. This includes application and system enhancements, enhanced monitoring of access and access privileges, cybersecurity protocols, physical access controls, and testing protocols. We also create comprehensive training modules for key stakeholders.
On-Going Analysis, Monitoring/Audit
Our team will test and validate risk-mitigation controls surrounding data/technology, operations and governance management, and employee compliance and incidence response training. This approach is designed to both expedite and make the CFIUS reporting process more accurate.
Our team of industry professionals have a unique blend of cross-discipline capabilities and practical experience in:
- Business planning, operations and process integration
- Critical infrastructure
- Cyber, data, and physical security
- Data governance and analytics
- Enterprise risk management
- Intellectual property
- Investment advice
- Real Estate
- Risk assessments